DHS: Nuclear plant hacks show ‘no indication’ of threat to public safety

U.S. officials warned industrial firms last week about an ongoing hacking campaign targeting individuals in the nuclear and energy industry, a DHS official confirmed to CyberScoop.

No operations systems were impacted, instead it was “limited to limited to administrative and business networks” and posed “no indication of a threat to public safety.”

Hackers sent spearphishing emails containing malware hidden in fake résumé documents to engineers in attempts to gain access to targeted machines and networks, according to a DHS and FBI report.

The New York Times identified Wolf Creek Nuclear Operating Corporation and their plant near Burlington, Kansas as one of the targets.

“The Department of Homeland Security and the Federal Bureau of Investigation are aware of a potential cyber intrusion affecting entities in the energy sector,” a DHS spokesperson told CyberScoop. “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks. In furtherance of public-private partnerships, the FBI and DHS routinely advise private industry of various cyber threat indicators in order to help systems administrators guard against the actions of persistent cyber criminals.”

The report was issued at TLP Amber, a distribution protocol meant to limit knowledge of the information because it carries risks to privacy or operations if leaked.

Hackers also used “watering hole attacks” by compromising legitimate websites visited by targets, according to the New York Times. Additionally, they engaged in unspecified man-in-the-middle attacks in which a target’s internet traffic was redirected through the hacker’s machine.

Last week, the energy-industry news site E&E News reported a separate batch of cyber intrusions at multiple nuclear power generators.

Wolf Creek Nuclear Operating Corporation said they were not impacted by those incidents.